CISM Certified Information Security Manager – Question0575

Which of the following should be the PRIMARY consideration for an information security manager when designing security controls for a newly acquired business application?

A.
Known vulnerabilities in the application
B. The IT security architecture framework
C. Cost-benefit analysis of current controls
D. Business processes supported by the application

Correct Answer: C